In order to gain access to applications or other resources via a computer or another user device, users are often required to authenticate themselves by entering authentication information. Such authentication information may include, for example, passwords that are generated by a security token carried by a user. These passwords may be, for example, one-time passwords that are generated using a time-synchronous or event-based algorithm.
Sensor-equipped, wireless wearable computing devices are becoming increasingly popular consumer items. Examples of such wireless wearable computing devices include fitness-tracking devices, such as the Jawbone™ and Nike Fuel™ wristbands and the Fitbit™ clip-on device, augmented-reality headsets, such as Google Glass™, smartwatches and sensor-inlaid clothing. In many cases, users wear these devices continuously throughout the day. Some fitness trackers, for example, are waterproof and monitor sleep behavior, encouraging their use even while bathing and sleeping. Wireless, portable medical devices are also increasingly used and are generally carried by their users at all times, and may even be surgically implanted.
A number of authentication schemes have been proposed that employ wearable, wireless devices (or deploy special-purpose ones) for user authentication. For example, physical-access control using implanted RFID tags, gesture-based user authentication, and wireless “beacons” have been used to authenticate their users. Such devices are generically referred to as wearable, wireless authenticators (WWAs).
WW As can use any of a variety of cryptographic protocols to authenticate themselves to other, relying devices, such as mobile phones, laptops and electronically lockable doors. User authentication to a relying device using a WWA, however, also requires a secure binding between the user and the WWA. Typically, such binding is accomplished in one of two ways: (1) the user is presumed to retain physical possession of the wearable device, and possibly to deactivate the device should it be stolen; or (2) the user is at some point biometrically authenticated by the wearable device via, e.g., pulse or presentation of a fingerprint.
A need remains for improved techniques for establishing a binding between a user and his or her wearable, wireless, authentication device.